Ticket #852 (closed defect: fixed)

Opened 3 years ago

Last modified 3 years ago

Bitlbee does not drop groups correctly in unix.c

Reported by: David :)
Owned by:
Priority: normal
Milestone:
Component: BitlBee
Version: 3.0.3
Keywords:
Cc:
IRC client+version: Client-independent
Operating System: Public server
OS version/distro:

Description

When 'dropping privileges' bitlbee simply does a 'setgid' followed by a 'setuid' call in unix.c. However, this is not sufficient. The code needs to 'drop' the extra groups that the process was started with through initgroups or setgroups.

Change History

comment:1 Changed 3 years ago by wilmer

Hmm, that seems reasonable. What's common behaviour here? I'm guessing initgroups() would be good. In case it doesn't work with numeric arguments (I've never used it TBH) I could fall back to something like setgroups(0, NULL) (assuming the default/main group doesn't have to be included).

comment:2 Changed 3 years ago by wilmer

  • Status changed from new to closed
  • Resolution set to fixed

changeset:devel,856.

I'm just using initgroups(). Only minimal error checking, and as a fallback later during the initialisation there's another warning if the process still seems to be running as root.
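
The drop sequence discussed in this ticket, as an added example that is not BitlBee's code and not the changeset referenced above: supplementary groups are reset with initgroups() before setgid() and setuid(), and the result is then verified rather than assumed. The names `drop_privileges` and `stray_groups` are hypothetical, and the feature-test macro assumes glibc on Linux.

```c
#define _DEFAULT_SOURCE /* initgroups(), getgrouplist() on glibc (assumption) */
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

/* Count groups in have[] that are neither `primary` nor listed in allowed[].
   A non-zero result means the process kept groups the target user lacks. */
int stray_groups(const gid_t *have, int nhave, gid_t primary,
                 const gid_t *allowed, int nallowed)
{
    int stray = 0;
    for (int i = 0; i < nhave; i++) {
        int ok = (have[i] == primary);
        for (int j = 0; j < nallowed && !ok; j++)
            ok = (have[i] == allowed[j]);
        stray += !ok;
    }
    return stray;
}

/* Drop from root to `user`. Returns 0 on success, -1 on any failure. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    uid_t uid = pw->pw_uid; /* copy out: pw points at static storage */
    gid_t gid = pw->pw_gid;

    /* Order matters: groups first, then gid, then uid. Once setuid() has
       succeeded the process can no longer change its group list. */
    if (initgroups(user, gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Verify the resulting state instead of trusting return codes alone. */
    gid_t have[256], allowed[256];
    int nallowed = 256;
    int nhave = getgroups(256, have);
    if (nhave < 0 || getgrouplist(user, gid, allowed, &nallowed) < 0)
        return -1;
    if (stray_groups(have, nhave, gid, allowed, nallowed) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) == 0) /* regaining root must fail */
        return -1;
    return 0;
}
```

A daemon would call `drop_privileges()` once, after binding any privileged ports, and exit if it returns -1.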
